1. Field of the Invention
The present invention relates in general to the field of network security and more specifically, to intrusion prevention systems.
2. Description of the Related Art
The use of networks has grown significantly over the last few years. Concurrently, the sophistication of internal and external network attacks in the form of viruses, Trojan horses, worms and malware of all sorts has increased dramatically. Just as dramatic is the accelerated increase of network speeds and a corresponding drop in their cost, thereby driving their rapid adoption. These factors and others have necessitated the development of innovative and more advanced network security mechanisms.
For example, Intrusion Detection Systems (IDS) can often detect network attacks, but as passive systems they generally offer little more than after-the-fact notification. In contrast, Intrusion Prevention Systems (IPS) have been developed to complement traditional security products such as firewalls by proactively analyzing network traffic flows and active connections while scanning incoming and outgoing requests. As network traffic passes through the IPS, it is examined for malicious packets. If a potential threat is detected or traffic is identified as being associated with an unwanted application it is blocked, yet legitimate traffic is passed through the system unimpeded.
Properly implemented, IPSs can be an effective network security safeguard. However, there is a current need for additional IPS capabilities, such as the ability to protect against attacks from peers sharing a common switch. Other needs include the ability to scale existing IPSs to accommodate higher network link speeds and balance traffic loads across multiple IPSs. Similarly, there is a growing demand for greater numbers of port types and port counts, as well as enhanced availability during system failures, replacements or updates. Likewise, with the growing popularity of applications such as voice over IP (VoIP), there is a need for enhanced traffic management through port segmentation and improved system performance through the use of “trusted” and “known bad” (e.g., discarded) traffic flows. In view of the foregoing, more flexible, scalable and manageable implementations of IPS capabilities are needed.